LUKS disk encryption plugin

  • wipe it in the Physical Disks tab. There is no way to do this without moving data off it first though.

    Thanks! But it's really inconvenient.

    BitLocker or VeraCrypt on Win can permanently decrypt.

    And there is a lot of data there, I will think about how best to implement it.


    I noticed that the performance of LUKS encrypted disks drops significantly.

    OMV 6.
    Motherboard: Intel DP55WG
    CPU: Intel Xeon X3470
    12GB DDR3 RAM
    WD Black WD5000LPSX - system
    WD Blue 4GB x4 - RAID 10
    500GB SSD x2 - RAID 1 for VM's and Docker containers

    • Official post

    but it's really inconvenient.

    BitLocker or VeraCrypt on Win can permanently decrypt.

    They work differently. LUKS creates a block device and you put a filesystem on top of that. The others are on top of or part of the filesystem. Not much we can do.

  • I'm unable to add extra keys to my encrypted drive.


    I'm getting a Test key error "no key available with this passphrase. Command failed with code -2 (no permission or bad passphrase)."


    Drive appears to encrypt successfully. I use the unlock icon and enter passphrase. It seems to accept it and the lock icon shows blue, as well as the keys icon (however, I don't get a tick mark under unlocked in the table below). But when I test the keys (1 slot in use) I get the error.


    Further, I am able to select the encrypted drive to create and mount a file system. When creating a file system it shows the drive as encrypted.


    Suggestions?


    omv system details:

    omv 6.9.1-1. 64bit, kernel 6.1.0-0

    nuc celeron N3050

    plugins: extras 6.3.1, flashmemory, Wetty, compose, luksencryption 6.0, resetperms, sharerootfs, symlinks

    1 x 4Tib SSD

    64Gib USB OS drive

    • Official post

    Suggestions?

    Does your passphrase have any $ or ' or " in it?

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.6 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Does your passphrase have any $ or ' or " in it?

    I removed those characters but then got 500 error.


    Decided to change everything: cypher, label, and password (I used no special characters).


    Now able to add keys; however, I still don't get a tick mark when the drive is unlocked (blue padlock works though). A bug? And for feedback, when I test a key the dialog box just disappears rather than returning 'okay' or something (which would be useful).


    Anyway, everything appears to be working many thanks for your very speedy and helpful assistance!

    • Official post

    And for feedback, when I test a key the dialog box just disappears rather than returning 'okay' or something (which would be useful).

    I can't. I can only return errors. So, the lack of errors has to signify success.


    I still don't get a tick mark when the drive is unlocked.

    I haven't changed the plugin or tested it in 7+ months. I will have to see if I still have a test system setup.


  • Backing up and restoring the header
    The header on a LUKS-encrypted device contains details of the encryption method and cipher, and also the master key needed for en-/decryption, itself encrypted by up to 8 passphrases, stored in key slots 0-7. It is advisable to make a backup of the header whenever you create an encrypted device or add, remove or change any of the passphrases. If the header or any of the key slots become corrupt (or you accidentally remove all the keys! - see above), you can restore the header from a backup, which will restore the passphrases as they were in the backup.

    Does the plugin allow for the backing up of headers or is this a suggestion that you should do it in the CLI? I can't find how to do it from the plugin.

    • Official post

    Does the plugin allow for the backing up of headers or is this a suggestion that you should do it in the CLI? I can't find how to do it from the plugin.

    It used to but I couldn't port that function to OMV 6. So, you will have to do it from the command line.

    • Official post

    How often do you change passphrases? This should be a one time thing.


    • Official post

    Would've been nice if it was still available from the webui that's all.

    I would've ported it if it was possible.


    • Official post

    Out of curiosity what changed that made it impossible or not practical?

    The web interface framework changed between OMV 5.x and 6.x. Plugins are created with declarative yaml and there is no file save type of component in this framework.


  • I can Lock/Unlock my encrypted drive okay but can't successfully test my key or add keys.


    For testing my key I get (I've replaced it below with <my_password>):


    500 - OK error

    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; /bin/bash -c 'echo -n '<my_password>' | cryptsetup luksOpen -v --test-passphrase '/dev/sde' --key-file=-' 2>&1' with exit code '2':



    -----

    I'm on OMV6 and all updates are installed.

    • Official post

    Does your password have a ' or " or $ in it?


    • Official post

    Can LUKS be installed on a disk already in service or does the drive need to be reformatted to make use of LUKS?

    The latter. LUKS creates a block device that you create a filesystem on. There is no way to do this without wiping the disk.

  • Does your password have a ' or " or $ in it?

    No. But it does have other math symbol characters. I tried adding a purely alphanumeric key but it wouldn't accept it, presumably because I had to use my current key (which won't pass when checked).


    Does this mean I have to wipe the drive and encrypt again with new keys?


    Edit: I've got a very bad memory - I see by my own earlier post (RE: LUKS disk encryption plugin), using pure alphanumeric passphrase would fix it - but I'd rather not wipe the drive now since it would mean losing a day's work

    • Official post

    Does this mean I have to wipe the drive and encrypt again with new keys?


    Edit: I've got a very bad memory - I see by my own earlier post (RE: LUKS disk encryption plugin), using pure alphanumeric passphrase would fix it - but I'd rather not wipe the drive now since it would mean losing a day's work

    No. LUKS can have 8 slots for passwords and any of them can unlock the container. Just add another slot or change the passphrase from the command line.

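
When a passphrase is tested or added from the command line, as suggested above, it should reach `cryptsetup` as stdin data rather than as part of a shell command string. The sketch below is an added example, not code from the plugin or from any poster: it assumes a command string quoted like the one in the error output earlier in the thread, uses `cat` as a stand-in for `cryptsetup ... --key-file=-`, and checks which constructed passphrases arrive on stdin unchanged. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. `cat` stands in for `cryptsetup ... --key-file=-`, so this
# needs no root and touches no disk. All passphrases below are constructed.

# Assumed model: splice the passphrase into a command string with the same
# quoting shape as the command in the error output, then let a shell parse it.
via_command_string() {
    cmd="/bin/sh -c 'printf %s '$1' | cat'"
    sh -c "$cmd" 2>/dev/null
}

# Hand the passphrase to stdin as data; no shell ever parses its bytes.
via_stdin() {
    printf '%s' "$1" | cat
}

# Succeeds only if the bytes reaching stdin equal the passphrase supplied.
survives_splicing() {
    [ "$(via_command_string "$1")" = "$1" ]
}

# Compare both paths for an alphanumeric passphrase and for one passphrase
# per character the maintainer asks about: $, ' and ".
for pw in 'abc123XYZ' 'pa$sw0rd' "it's" 'say"hi'; do
    if survives_splicing "$pw"; then r=intact; else r=altered; fi
    printf '%-10s spliced=%-8s stdin=%s\n' "$pw" "$r" "$(via_stdin "$pw")"
done
```

On a real device the stdin form is `printf '%s' "$pw" | cryptsetup luksOpen --test-passphrase /dev/sdX --key-file=-`, with `/dev/sdX` as a placeholder. The header backup that the thread says must be done from the command line is `cryptsetup luksHeaderBackup /dev/sdX --header-backup-file <file>`.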
